[Freedombox-discuss] Since the dist-upgrade of 2 days ago, no packets flow in<->out

[A. F. Cano]

hi,

First a few comments on the upgrade of my FreedomBox:

I had the option to upgrade to the latest stable release checked, so
this happened when Debian 12/bookworm became stable (I was running 11 on
the FreedomBox.

I expected it would take a while but not 2 days.  I was logged in via
ssh so kept inspecting what was going on.  Mostly things kept working
during the upgrade.  Privoxy (and the internal web browsers that depend
on it) worked while the upgrade was going on, but plinth/the web
interface started giving the "down for maintenance" screen almost
immediately.  Soon after, running fetchmail (the way I get email)
stopped working.

Checking with top showed lots of cpu time being taken by plinth,
unattended upgrades and other package-related processes.  This is normal
I thought.  But then processes related to ejabberd started taking a lot
of cpu time, as well as matrix-synapse, so I stopped those.

Finally, earlier today as the upgrade was nowhere near finished after 2
days, I finished it with aptitude.  There remained about 500 packages.
Those got installed in about an hour, including the configuration of
grub-pc, which required entering manually "Yes" to the prompt:

  Writing GRUB to boot device failed - continue?

This has been the case every time this package has upgraded.  My
FreedomBox is an apu1d4.

After some time, both ssh connections froze and the FreedomBox was
totally unreachable.  I waited another hour+ to let whatever might still
be going on inside finish and then pulled the plug.

It booted fine and luckily I could get back in via ssh.  A bit more
installing via aptide and a reboot later (new kernel), it was mostly
working, but a few problems remain.

* php-common 2.93 won't install because php7.4.33+deb11u3 has 48
  dependencies.  Since I'm not sure how much damage I can cause by
  removing all those dependencies manually I'll do that later and
  gradually, assuming that some package management solution doesn't
  happen in the meantime.

* Zopth stopped working.  Besides 3 warnings:
  "Zoph has not yet been tested against version PHP 8.2 and later."
  "max_execution_time is set to less than 60 seconds."
  "post_max_size is set to less than 16M."

  That I'll have to fix in php.ini,
  "upload_max_filesize should be 8M or more"
  has a big red X on it resulting in "unmet requirements".

  So more manual fixing.  But at least all this, presumably, is a matter
  of looking for all the variables and fixing them.

* on a couple of occasions aptitude asked me if I wsnted to keep the old
  configuration file, I said yes.  In the case of privoxy this ended up
  causing problems (some items in the diagnostics failed), so had to
  rename the config files and use the new one.

The issue that I have no solution for and is quite critical is that no
packets flow through the firewall.  Even though the firewall page claims
that all requests originating from inside should go through (and did
before the upgrade), I have to disable the firewall to get and send email.
Similarly, any HTTP or HTTPS request that doesn't go through privoxy
(such as aptitude requests to the Debian repositories) fail.  I have
encountered this before and it eventually got fixed.

I tried opening port 993 in both the internal zone and external, but of
course it did nothing.  The issue is more general than this one port.

So, the most important issue is to figure out why the firewall is not
letting anything through.  Any ideas, anyone?

Even with these issues, I understand that a dist-upgrade is a huge task
and some trouble has to be expected.  Still it would be nice to
understand why those issues happen and how to fix them.  Thanks a lot,
especially to the developers.

Augustine, who will now disable the firewall to send this.